File: [local] / www / errata.html

Revision 1.371, Tue Jan 22 14:31:52 2002 UTC (22 years, 4 months ago) by mpech
Branch: MAIN
Changes since 1.370: +2 -2 lines

fix last commit.
<a name ..> tag always before <li><font ..> tags.
For instance, this fixes link-jump from security.html

jason@ ok

<!DOCTYPE HTML PUBLIC  "-//IETF//DTD HTML Strict//EN">
<html>
<head>
<title>OpenBSD 3.0 errata</title>
<link rev=made href=mailto:www@openbsd.org>
<meta name="resource-type" content="document">
<meta name="description" content="the OpenBSD CD errata page">
<meta name="keywords" content="openbsd,cd,errata">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1997-2001 by OpenBSD.">
</head>

<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">

<img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
<h2><font color=#0000e0>
This is the OpenBSD 3.0 release errata &amp; patch list:

</font></h2>

<hr>
<a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
<a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
<a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
<a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
<a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
<a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
<a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
<a href=errata27.html>For 2.7 errata, please refer here</a>.<br>
<a href=errata28.html>For 2.8 errata, please refer here</a>.<br>
<a href=errata29.html>For 2.9 errata, please refer here</a>.<br>
<hr>

<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0.tar.gz>
You can also fetch a tar.gz file containing all the following patches</a>.
This file is updated once a day.

<p> The patches below are available in CVS via the
<code>OPENBSD_3_0</code> <a href="stable.html">patch branch</a>.

<p>
For more detailed information on installing patches on OpenBSD, please
consult the <a href="./faq/faq10.html#10.14">OpenBSD FAQ</a>.
<hr>

<dl>
<a name=all></a>
<li><h3><font color=#e00000>All architectures</font></h3>
<ul>
<a name=ptrace></a>
<li><font color=#009000><strong>012: SECURITY FIX: January 21, 2002</strong></font><br>
A race condition between the ptrace(2) and execve(2) system calls allows
an attacker to modify the memory contents of suid/sgid processes which
could lead to compromise of the super-user account.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/012_ptrace.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=sudo></a>
<li><font color=#009000><strong>011: SECURITY FIX: January 17, 2002</strong></font><br>
If the Postfix sendmail replacement is installed on a system an
attacker may be able to gain root privileges on the local host via
sudo(8) which runs the mailer as root with an environment inherited
from the invoking user.  While this is a bug in sudo it is not
believed to be possible to exploit when sendmail (the mailer that
ships with OpenBSD) is the mailer.  As of version 1.6.5, sudo passes
the mailer an environment that is not subject to influence from the
invoking user.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/011_sudo.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=ipip></a>
<li><font color=#009000><strong>010: RELIABILITY FIX: December 13, 2001</strong></font><br>
Systems running with IP-in-IP encapsulation can be made to crash by
malformed packets.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/010_ipip.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=lpd></a>
<li><font color=#009000><strong>008: SECURITY FIX: November 28, 2001</strong></font><br>
A security issue exists in the lpd daemon that may allow an attacker
to create arbitrary new files in the root directory.  Only machines
with line printer access (i.e., listed in either /etc/hosts.lpd or
/etc/hosts.equiv) may be used to mount an attack and the attacker
must have root access on the machine.  OpenBSD does not start lpd
in the default installation.<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/008_lpd.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=vi.recover></a>
<li><font color=#009000><strong>007: SECURITY FIX: November 13, 2001</strong></font><br>
A security issue exists in the vi.recover script that may allow an attacker
to remove arbitrary zero-length files, regardless of ownership.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/007_recover.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=pf></a>
<li><font color=#009000><strong>006: SECURITY FIX: November 13, 2001</strong></font>
<br>
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>
was incapable of dealing with certain IPv6 ICMP packets, resulting in a crash.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/006_pf.patch">A source code patch exists which remedies the problem</a>.
<p>
<a name=sshd></a>
<li><font color=#009000><strong>002: SECURITY FIX: November 12, 2001</strong></font><br>
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>
is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems:
<p>
<ul>
<li>A security hole that may allow an attacker to partially authenticate
if -- and only if -- the administrator has enabled KerberosV.
<br>
By default, OpenSSH KerberosV support only becomes active after KerberosV
has been properly configured.
<p>
<li>An excessive memory clearing bug (which we believe to be unexploitable)
also exists, but since this may cause daemon crashes, we are providing a
patch as well.
<p>
<li>A vulnerability in environment passing in the <code>UseLogin</code>
<i>sshd</i> option.
<p>
<li>Various other non-critical fixes.
</ul>
<p>
Effectively an upgrade of OpenSSH 3.0 to OpenSSH 3.0.2,
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/002_ssh2.patch">a source code patch exists which remedies these problems</a>.
This is the second version of this patch.
<p>
<a name=hosts></a>
<li><font color=#009000><strong>001: INSTALL ISSUE: November 12, 2001</strong></font><br>
A small bug in the installation script causes the <tt>/etc/hosts</tt> file to
be incorrectly formed.<br>
The resulting file contains a line which reads like:<p>
<tt>
&nbsp;&nbsp;&nbsp;#.#.#.# hostname. hostname
</tt>
<p>
This line should actually read something like:<p>
<tt>
&nbsp;&nbsp;&nbsp;#.#.#.# hostname.domainname.com hostname
</tt>
<p>
To correct this problem, simply edit the file and insert the domainname in
the required place.
<p>
</ul>
<p>
<a name=i386></a>
<li><h3><font color=#e00000>i386</font></h3>
<ul>
<a name=hifn></a>
<li><font color=#009000><strong>004: RELIABILITY FIX: November 12, 2001</strong></font>
<br>
Hifn7751 based cards may stop working on certain motherboards due to
DMA errors.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/i386/004_hifn.patch">A source code patch exists which remedies the problem</a>.
<p>
</ul>
<p>
<a name=alpha></a>
<li><h3><font color=#e00000>alpha</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=mac68k></a>
<li><h3><font color=#e00000>mac68k</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=sparc></a>
<li><h3><font color=#e00000>sparc</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=sparc64></a>
<li><h3><font color=#e00000>sparc64</font></h3>
<ul>
<a name=sparc64cd></a>
<li><font color=#009000><strong>003: RELIABILITY FIX: November 12, 2001</strong></font>
<br>
Access to a CD drive on the PCI ultrasparc machines results in a continuous stream
of bogus interrupt messages, causing great user anguish.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/sparc64/003_sparc64cd.patch">A source code patch exists which remedies the problem</a>.
<p>
</ul>
<p>
<a name=amiga></a>
<li><h3><font color=#e00000>amiga</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=hp300></a>
<li><h3><font color=#e00000>hp300</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=mvme68k></a>
<li><h3><font color=#e00000>mvme68k</font></h3>
<ul>
<li>No problems identified yet.
</ul>
<p>
<a name=macppc></a>
<li><h3><font color=#e00000>macppc</font></h3>
<ul>
<a name=macppcinstall></a>
<li><font color=#009000><strong>009: INSTALLATION FIX: December 11, 2001</strong></font>
<br>
The 3.0 CD2 was created with an error which means that the instructions
for booting this architecture will not work.  Instead, to boot the
CD, press Option-Command-O-F during power up to get into OpenFirmware
and then type:
<br>
<code>boot cd:,OFWBOOT /3.0/macppc/bsd.rd</code>
<p>
<a name=altivec></a>
<li><font color=#009000><strong>005: RELIABILITY FIX: November 12, 2001</strong></font>
<br>
Execution of Altivec instructions will crash the kernel.
<br>
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/macppc/005_altivec.patch">A source code patch exists which remedies the problem</a>.
<p>
</ul>
<p>
<a name=vax></a>
<li><h3><font color=#e00000>vax</font></h3>
<ul>
<li>No problems identified yet.
</ul>

</dl>
<br>

<hr>

<a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
<a href=mailto:www@openbsd.org>www@openbsd.org</a>
<br><small>$OpenBSD: errata.html,v 1.371 2002/01/22 14:31:52 mpech Exp $</small>

</body>
</html>